Twistlock plugs into your Continuous Integration tools like Jenkins and TeamCity to give developers clear insight into vulnerabilities present in every build. Our CI integration allows devs to see vulnerability data directly inside the same tools they’re already using to build their apps, with results updated every time they run a build job or a new CVE is discovered. Vulnerability status is tracked over time and developers see graphs and trend lines as they remediate problems.
Twistlock’s plugins allow you to define and enforce your vulnerability policies at build time. Set a policy to require that one build job must not have any vulnerabilities, while another cannot have any that are at a severity rating of medium or high. Twistlock compares the vulnerability state for each build against your policies and fails builds that aren’t compliant, ensuring vulnerable images never make it out of development.
Twistlock provides granular control beyond simply evaluating severity ratings. Explicitly block individual CVEs, ignore others, and apply different policies to different build jobs. Our CI integration is designed to help you enforce whatever requirements are uniquely important to you.
In addition to our native plugins, we also provide a standalone, statically compiled scanner that can integrate with virtually any CI/CD tool or process. Our Twistlock scanner is designed for automation and is easily incorporated into your existing tooling to provide comprehensive vulnerability details and a full bill of materials for every image you build, all in an open JSON format.
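The build-time policy check described above (a severity threshold per build job, plus explicitly blocked and ignored CVEs) can be sketched as a gate over a JSON scan report. This is an added example, not Twistlock's code: the report schema, the policy fields, the job names, the placeholder CVE ids and the rule that a block overrides an ignore are all assumptions made for illustration.

```python
import json

# Assumed severity ordering for threshold comparison.
RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed report; the schema and CVE ids are placeholders, not Twistlock's format.
SAMPLE_REPORT = json.loads("""
{"image": "example/app:build-42", "vulnerabilities": [
  {"id": "CVE-0000-0001", "severity": "low"},
  {"id": "CVE-0000-0002", "severity": "medium"},
  {"id": "CVE-0000-0003", "severity": "high"}]}
""")

# Hypothetical per-job policies. fail_at is the lowest severity that fails the
# build; None means severity alone never fails it.
POLICIES = {
    "release": {"fail_at": "low", "block": set(), "ignore": set()},
    "nightly": {"fail_at": "medium", "block": set(),
                "ignore": {"CVE-0000-0002", "CVE-0000-0003"}},
    "feature": {"fail_at": None, "block": {"CVE-0000-0001"}, "ignore": set()},
}

def evaluate(report, policy):
    """Return (passed, violations) for one build job's scan report."""
    threshold = policy["fail_at"]
    if threshold is not None and threshold not in RANK:
        raise ValueError(f"unknown threshold: {threshold!r}")
    violations = []
    for vuln in report.get("vulnerabilities", []):
        cve = vuln["id"]
        severity = str(vuln.get("severity", "")).lower()
        if cve in policy["block"]:
            # Assumption: an explicit block wins over ignore and severity.
            violations.append((cve, "explicitly blocked"))
        elif cve in policy["ignore"]:
            continue
        elif severity not in RANK:
            # Fail closed: an unrated finding must not slip past the gate.
            violations.append((cve, "unknown severity"))
        elif threshold is not None and RANK[severity] >= RANK[threshold]:
            violations.append((cve, f"severity {severity} >= {threshold}"))
    return (not violations, violations)

if __name__ == "__main__":
    for job, policy in POLICIES.items():
        passed, violations = evaluate(SAMPLE_REPORT, policy)
        print(job, "PASS" if passed else "FAIL", violations)
```

In a CI job, a failed result would be turned into a non-zero exit status so the build stops before the image is pushed.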
Twistlock’s intelligence stream sources and aggregates vulnerability information directly from upstream projects such as Ubuntu, Red Hat, Java, and Node.js, drawing on open source, commercial, and Twistlock Labs sources. The vulnerability information is used across the product, including in CI integration. As a result, the vulnerability data you see for each build is always up to date and from authoritative sources, giving you more precise findings with fewer false positives.
See vulnerability trends over time and per build to ensure you’re trending in the right direction. For every build, see not just a list of vulnerabilities, but also integrated information on vendor security bulletins, fix status, and links to download updates, all without ever leaving your CI portal.